
DNS - single domain, two websites /forwarding/

A few days ago I came up with the idea of using fake DNS responses, but only for the first request to a given website.

I am a student and I need this "evil idea" only for educational purposes.

In brief:
All I want is to install a DNS server (for example BIND) and distribute it to the clients of my local subnet via DHCP. Then I'll make a fake forwarding for the first request to a given website.

For example, if the client wants to open domain.com and its corresponding IP address is y.y.y.y, the DNS server will detect that this is the first request to this site from this IP and redirect it to a fake website (ip.x.x.x). Then the user will try again by sending the same request, and the DNS server will use some kind of algorithm* to discover that the same IP is making a second request to the same website and resolve it with the proper IP address of the web server.

*I'm thinking of using tcpdump to create a table with the source IP, the URL the user wants to open, and maybe some more fields from the TCP header /SYN-ACK number/.

If you manage the DNS server you could add an alias to the real entry that adds the fake entry. The way DNS would resolve in that case is that the correct one and the fake one would alternate every other time.

Another related thing would be to configure the iptables firewall rules to accept requests from certain hosts and redirect others.

The short answer to all of this is that DNS is not set up to do what you want.
I believe you were already told this.

Yes, I understood that this is impossible. Now I'm thinking of just alternating the destination IP of the packet using a shell script + iptables. However, I still have not tried to write it.

My idea is first to do an nslookup and grep the IPs that correspond to the desired domain (let's say facebook.com). Then I need iptables rules to check whether the dest. IP matches the addresses of the server. If it does, iptables redirects the packet to my fake webserver and also LOGs the information from the packet so I can grep the source IP. So, during the second try iptables will check whether the source IP matches the list of "cheated users" and then will redirect the user to the proper place (the real facebook.com servers).
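From the resolver operator's side, the scheme discussed in this thread (a client gets one answer on its first lookup and a different one on its next) leaves a clear trace in the resolver's query log. The following detector is an added example written for this page, not code from any of the posters; it assumes a constructed log format of `<timestamp> <client_ip> <qname> <answer_ip>` and uses placeholder names and documentation addresses. It flags a client whose answer for the same name changes within a short window, and separately flags any answer outside a known-good set for that name (which also catches the slower case that a time window would miss).

```python
"""Detect per-client DNS answer flipping and off-list answers in a resolver log.

Added example for this thread; the log format below is an assumption
(constructed), not the output of any real resolver.
"""
from datetime import datetime, timedelta

# Constructed sample log: <timestamp> <client_ip> <qname> <answer_ip>.
# 192.0.2.10 gets two different answers 3 s apart (the pattern described
# in the thread); 192.0.2.11 is consistent; 192.0.2.12 changes 30 min apart.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 example.test 203.0.113.5
2024-01-01T10:00:03 192.0.2.10 example.test 198.51.100.7
2024-01-01T10:00:05 192.0.2.11 example.test 198.51.100.7
2024-01-01T10:00:09 192.0.2.11 example.test 198.51.100.7
2024-01-01T12:00:00 192.0.2.12 example.test 203.0.113.5
2024-01-01T12:30:00 192.0.2.12 example.test 198.51.100.7
"""

# Known-good answers per name (constructed placeholder data).
EXPECTED = {"example.test": {"198.51.100.7"}}


def parse_log(text):
    """Parse log lines into (timestamp, client, qname, answer) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer = line.split()
        records.append((datetime.fromisoformat(ts), client, qname.lower(), answer))
    return records


def find_flipping_answers(records, window=timedelta(seconds=60)):
    """Return (client, qname, previous_answer, new_answer) for every case where
    the same client received a different answer for the same name within
    `window` of its previous lookup."""
    last = {}  # (client, qname) -> (timestamp, answer)
    alerts = []
    for ts, client, qname, answer in sorted(records):
        key = (client, qname)
        if key in last:
            prev_ts, prev_answer = last[key]
            if prev_answer != answer and ts - prev_ts <= window:
                alerts.append((client, qname, prev_answer, answer))
        last[key] = (ts, answer)
    return alerts


def unexpected_answers(records, expected):
    """Return (client, qname, answer) for answers outside the known-good set
    for that name; names absent from `expected` are not checked."""
    return [(client, qname, answer)
            for _, client, qname, answer in records
            if qname in expected and answer not in expected[qname]]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for alert in find_flipping_answers(recs):
        print("answer flipped within window:", alert)
    for alert in unexpected_answers(recs, EXPECTED):
        print("answer not in known-good set:", alert)
```

Legitimate round-robin records also hand out different addresses on successive lookups, so the window check alone is a lead to investigate rather than a verdict; the known-good comparison is the stronger signal when the operator maintains that list.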